IPSec protocol between a local area network using local IP addresses and servers on the internet.

IN THE CLAIMS 
Please rewrite claims 1 - 12, as follows: 
1. (Amended) A network address translating gateway connecting a LAN to an external
network, said LAN using local IP addresses, said gateway having a local IP address that can be seen
by devices on said LAN and having an external IP address that can be seen by devices on said
external network, said gateway comprising:

a plurality of internal tables associating combinations of local IP addresses of local devices
on said LAN, external IP addresses of external devices on said external network, SPI - In values, SPI
- Out values, source port addresses, destination port addresses, reserved port addresses, and
maintaining a list of reserved port addresses,

means for performing normal address translation upon datagrams passing from said LAN to
said external network and datagrams passing from said external network to said LAN,

means for delivering a datagram from a local device on said LAN to an external device on
said external network by receiving a datagram from a local device on said LAN intended for delivery
to an external device on said external network, and determining whether the destination port address
for said datagram is included in said list of reserved port addresses and, if said destination port
address is not included in said list of reserved port addresses, performing normal address translation
upon said datagram and passing said datagram to said external network for routing and delivery to
said external device,

and if said destination port address is included in said list of reserved port addresses,
determining whether said destination port address is bound to said local IP address of said local
device, and if said destination port address is bound to said local IP address, performing normal
address translation upon said datagram and passing said datagram to said external network for
routing and delivery to said external device,

and if said destination port address is not bound to said local IP address of said local device,
modifying said source IP address of said datagram to be said external IP address of said gateway,
binding said destination port address to said local IP address of said local device and creating an
association between said destination port address and the external IP address of said external device,
and passing said datagram to said external network for routing and delivery to said external device.

2. (Amended) The network address translating gateway of claim 1, wherein the means for
delivering a datagram from a local device on said LAN to an external device further comprises a
means for determining whether said datagram is encrypted and, if said datagram is encrypted, for
determining whether the SPI of said datagram is recorded in the SPI - Out field in said internal table
and, if said SPI is recorded in said SPI - Out field, modifying the source IP address of said datagram
to be said external IP address of said gateway and passing said datagram to said external network for
routing and delivery to said external device.

3. (Amended) The network address translating gateway of claim 2, further comprising if said
SPI is not recorded in said SPI - Out field of said internal table, means for setting the SPI - In field
corresponding to the local IP address of said local device equal to zero and setting said SPI - Out
field equal to said SPI, modifying said source IP address of said datagram to be said external IP
address of said gateway and passing said datagram to said external network for routing and delivery
to said external device.

4. (Amended) The network address translating gateway of claim 1, wherein the network
address translating gateway further comprises means for delivering a datagram from said external
device to said local device by receiving a datagram from said external device on said external
network intended for delivery to said local device on said LAN, means for determining whether said
datagram is encrypted and, if said datagram is encrypted, determining whether the datagram's SPI
is recorded in said SPI - In field of said internal table and, if said SPI is recorded in said SPI - In
field, modifying the destination IP address of said datagram to be said local IP address of said local
device and passing said datagram to said LAN for routing and delivery to said local device,
and if said SPI is not recorded in said SPI - In field of said internal table, determining whether
said SPI - In field corresponding to said IP address of said external device is equal to zero and, if said
SPI - In field is not equal to zero, discarding said datagram, and if said SPI - In field is equal to zero,
setting said SPI - In field equal to said SPI, modifying the destination IP address of said datagram
to be said local IP address of said local device and passing said datagram to said LAN for delivery
to said local device, and if said datagram is not encrypted, determining whether the destination port
address for said datagram is included in said list of reserved port addresses and, if said destination
port address is not included in said list of reserved port addresses, performing normal address
translation upon said datagram and passing said datagram to said LAN for delivery to said local
device, and if said destination port address is included in said list of reserved port addresses,
determining whether said destination port address is bound to the local IP address of said local
device, if said destination port address is not bound to said local IP address, discarding said
datagram, and if said destination port address is bound to said local IP address, modifying said
destination IP address of said datagram to be said local IP address of said local device, unbinding
said destination port address from said local IP address, and passing said datagram to said LAN for
delivery to said local device.
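
The SPI - Out and SPI - In handling that claims 2 to 4 recite for encrypted datagrams, as an added Python example that is not part of the filing. The table layout (one row per local/external address pair), the names `Entry`, `EspNat`, `outbound` and `inbound`, the addresses, and the rejection of an inbound SPI of zero are assumptions made for illustration.

```python
from dataclasses import dataclass

GATEWAY_EXT_IP = "203.0.113.1"  # constructed address (documentation range)

@dataclass
class Entry:  # one row of the internal table; this layout is an assumption
    local_ip: str
    external_ip: str
    spi_out: int = 0
    spi_in: int = 0  # zero means "inbound SPI not learned yet"

class EspNat:
    def __init__(self):
        self.table = []

    def _row(self, local_ip, external_ip):
        for e in self.table:
            if e.local_ip == local_ip and e.external_ip == external_ip:
                return e
        return None

    def outbound(self, src, dst, spi):
        """Encrypted datagram from the LAN: returns the rewritten (src, dst, spi)."""
        row = self._row(src, dst)
        if row is None:
            row = Entry(src, dst)
            self.table.append(row)
        if row.spi_out != spi:
            # Claim 3: SPI not recorded, so store it in SPI-Out and zero SPI-In.
            row.spi_out, row.spi_in = spi, 0
        # Claims 2 and 3: the source becomes the gateway's external address.
        return (GATEWAY_EXT_IP, dst, spi)

    def inbound(self, src, spi):
        """Encrypted datagram from outside: rewritten (src, dst, spi), or None to discard."""
        if spi == 0:
            return None  # added guard: zero is the table's "unset" marker
        for e in self.table:  # claim 4: SPI already recorded in SPI-In
            if e.external_ip == src and e.spi_in == spi:
                return (src, e.local_ip, spi)
        for e in self.table:  # claim 4: SPI-In still zero, so learn this SPI
            if e.external_ip == src and e.spi_in == 0:
                e.spi_in = spi
                return (src, e.local_ip, spi)
        return None  # SPI-In is set and does not match: discard
```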

5. (Amended) The network address translating gateway of claim 1, further comprising a
timer, wherein, upon receiving a signal that a port address has become bound to an IP address, said
timer will commence timing for a predetermined length of time and, upon the expiration of said
predetermined length of time, will send a signal causing said port address to become unbound from
said IP address, and, upon receiving a signal indicating that said port address has become unbound
from said IP address prior to the expiration of said predetermined length of time, said timer will stop
timing and will reset.

6. (Amended) The network address translating gateway of claim 1 in which said external
network is the internet.

7. (Amended) The network address translating gateway of claim 6 in which said LAN is a
virtual private network.

8. (Amended) A method of processing IP datagrams from a local device on a LAN using
local IP addresses through a network translating gateway to an external device on an external
network comprising the steps of:

maintaining a plurality of tables associating local IP addresses of local devices on said LAN,
external IP addresses of external devices on said external network, port addresses of said local
devices, port addresses of said external devices, SPI - In values, SPI - Out values, and reserved port
addresses, and a list of reserved port addresses,

receiving a datagram from said LAN

determining whether the destination port address for said datagram is included in said table
of reserved port addresses and, if said destination port address is not included in said table of
reserved port addresses, performing normal address translation upon said datagram and passing said
datagram to said external network for routing and delivery to said external device,

and if said destination port address is included in said table of reserved port addresses,
determining whether said destination port address is bound to an IP address, and if said destination
port is bound to an IP address, performing normal address translation upon said datagram and
passing said datagram to said external network for routing and delivery to said external device,

and if said destination port address is not bound to an IP address, modifying said source IP
address to be said external IP address for said external device, binding said destination port address
to the local IP address of said local device and creating an association between said destination port
address and said external IP address of said external device, and passing said datagram to said
external network for routing and delivery to said external device.

9. (Amended) The method of claim 8, further comprising the steps of:

determining whether said datagram is encrypted and, if said datagram is encrypted,
determining whether the SPI in said datagram is recorded in the SPI - Out field of one of said
plurality of internal tables and, if said SPI is recorded in said SPI - Out field of said internal table,
modifying the source IP address to be the external IP address of said gateway and passing said
datagram to said external network for routing and delivery to said external device, and if said SPI
is not recorded in said SPI - Out field of said internal table, setting said SPI - Out field corresponding
to the IP address of said external device equal to said SPI and setting the SPI - In field of said
internal table to zero, modifying said source IP address to be said external IP address of said
gateway, and passing said datagram to said external network for routing and delivery to said external
device.

10. (Amended) A method of processing IP datagrams from an external device on an external
network through a network translating gateway to a local device on a LAN using local IP addresses,
comprising the steps of:

maintaining a plurality of tables associating local IP addresses of local devices on said LAN,
external IP addresses of external devices on said external network, port addresses of said local
devices, port addresses of said external devices, SPI - In values, SPI - Out values, and reserved port
addresses, and a list of reserved port addresses,

receiving a datagram from said external network

determining whether said datagram is encrypted, and if said datagram is not encrypted,
determining whether the destination port address for said datagram is included in said list of reserved
port addresses, and if said destination port address is not included in said list of reserved port
addresses, performing normal address translation and passing said datagram to said LAN for routing
and delivery to said local device,

and if said destination port address is included in said list of reserved port addresses,
determining whether said destination port address is bound to said local IP address, and if said
destination port is not bound to said local IP address, discarding said datagram,

and if said destination port address is bound to said local IP address, modifying said
destination IP address to be said local IP address of said local device, unbinding said destination port
address from said local IP address, and passing said datagram to said LAN for routing and delivery
to said local device.

11. (Amended) The method of claim 10, wherein the method further comprises the steps, if
said datagram is encrypted, of:

determining whether the SPI in said datagram is recorded in the SPI - In field of one of said
plurality of internal tables and, if said SPI is recorded in said SPI - In field of said internal table,
modifying the destination IP address to be the internal IP address of said local device and passing
said datagram to said LAN for routing and delivery to said local device,

and if said SPI is not recorded in said SPI - In field of said internal table, determining whether
said SPI - In field corresponding to the IP address of said external device is zero, and if said SPI -
In field is not zero, discarding said datagram,

and if said SPI - In field is equal to zero, modifying said SPI - In field to be said SPI,
modifying said destination IP address to be said local IP address of said local device, and passing
said datagram to said LAN for routing and delivery to said local device.

12. (Amended) The method of processing IP datagrams as claimed in claim 11, further
comprising the steps of starting a timer whenever said destination port address becomes bound to
said local IP address of said local device,

resetting said timer whenever said destination port address has become released,

and sending a signal whenever said timer is active and a predetermined length of time has
expired from the time said timer was started.



Please add the following new claims 13-18: 




13. (New) The method of processing IP datagrams as claimed in claim 12, further
comprising the steps of starting a timer whenever said destination port address becomes bound to
said local IP address of said local device,

resetting said timer whenever said destination port address has become released,
and sending a signal whenever said timer is active and a predetermined length of time has
expired from the time said timer was started.

14. (New) The method of processing IP datagrams as claimed in claim 11, in which said
external network is the internet.

15. (New) The method of processing IP datagrams as claimed in claim d of processing
IP datagrams as claimed in claim 11 in which said LAN is a virtual private network.



17. (New) The method of processing IP datagrams as claimed in claim rs2 in which said
LAN is a virtual private network.

18. (New) A machine readable storage, having stored thereon a computer program having
a plurality of code sections executable by a machine and for connecting a LAN to an external
network via a network address translating gateway, wherein said gateway having a local IP address
that can be seen by devices on said LAN and having an external IP address that can be seen by
devices on said external network, and further including a plurality of internal tables associating
combinations of local IP addresses of local devices on said LAN, external IP addresses of external
devices on said external network, source port addresses, destination port addresses, reserved port
addresses, and a list of reserved port addresses, for assisting the machine to perform the steps of:

attempting to deliver a datagram from a local device on said LAN to an external device on
said external network by receiving a datagram from a local device on said LAN intended for delivery
to an external device on said external network;

determining whether the destination port address for said datagram is included in said list of
reserved port addresses and determining whether said destination port address is bound to said local
IP address of said local device;

performing normal address translation upon said datagram and passing said datagram to said external
network for routing and delivery to said external device if said destination port address is not
included in said list of reserved port addresses;

performing normal address translation upon said datagram and passing said datagram to said
external network for routing and delivery to said external device, if said destination port address is
included in said list of reserved port addresses and if said destination port address is bound to said